diff --git a/src/registrar/decorators.py b/src/registrar/decorators.py index ff8da3eed..5bb80bf18 100644 --- a/src/registrar/decorators.py +++ b/src/registrar/decorators.py @@ -70,6 +70,10 @@ def _user_has_permission(user, request, rules, **kwargs): # Ensure user is authenticated if not user.is_authenticated: return False + + # Ensure user is not restricted + if user.is_restricted(): + return False conditions_met = [] diff --git a/src/registrar/views/utility/mixins.py b/src/registrar/views/utility/mixins.py index f03c83ee1..23bcff162 100644 --- a/src/registrar/views/utility/mixins.py +++ b/src/registrar/views/utility/mixins.py @@ -205,39 +205,15 @@ class DomainPermission(PermissionsLoginMixin): The user is in self.request.user and the domain needs to be looked up from the domain's primary key in self.kwargs["domain_pk"] """ - - if not self.request.user.is_authenticated: - return False - - if self.request.user.is_restricted(): - return False - pk = self.kwargs["domain_pk"] - # If pk is none then something went very wrong... - if pk is None: - raise ValueError("Primary key is None") # test if domain in editable state if not self.in_editable_state(pk): return False - if self.can_access_other_user_domains(pk): - return True - - # user needs to have a role on the domain - if not UserDomainRole.objects.filter(user=self.request.user, domain__id=pk).exists(): - return self.can_access_domain_via_portfolio(pk) - # if we need to check more about the nature of role, do it here. return True - def can_access_domain_via_portfolio(self, pk): - """Most views should not allow permission to portfolio users. - If particular views allow access to the domain pages, they will need to override - this function. - """ - return False - def in_editable_state(self, pk): """Is the domain in an editable state"""